I wish to create shareware software that contains a registration algorithm. I am looking for a programming language, that cannot be easily decompiled into readable code. For example, C# can be decompiled into readable code.

What are my options?

Edit: I'm looking for something that can be only decompiled into assembly. Delphi, for example, cannot be decompiled like C# or Java, but from what I've heard, Delphi is dying.

With all due respect, while I understand your desire for protection, I don't think it's going to work. The people who crack software will disassemble it and figure out where to put the hooks that break your registration system. If they're able to do it to the big names who invest millions in anti-piracy measures, unfortunately they will be able to do it to you. Not saying I like this situation, mind you, but it is what it is. :(
–
John RudyNov 25 '09 at 22:57

6

Honestly, this has to be way down your list if things influencing you choice of language. Basing the language choice around what you want to do is going to help developing a program that works and people want to buy.
–
vickirkNov 25 '09 at 23:30

18

The supposed death of Delphi has been seriously overreported. It's still good and still being developed.
–
Loren PechtelNov 25 '09 at 23:59

You encrypt your code, use TPM fore holding keys, and protected memory area for holding program during runtime.
–
Maciek SawickiNov 25 '09 at 23:12

2

Maciek: You need to control the hardware, like the iPhone, Xbox, .... and TPM is a hardware thing. You have to rely on processor features like ARM TrustZone to do that.
–
Mehrdad AfshariNov 25 '09 at 23:16

I'd suggest the language of business and economics can protect your program.

If you are targeting consumers, and price it at say $10, almost all people would find it easier to pay you the $10 vs going into your program and reverse engineering it.

If you are targeting corporations, and say pricing it at $10,000, it just has to be easier to get the purchasing department to approve the payment than to reverse engineer your code. For real companies who would purchase your product, it's not worth the audit risk to have unlicensed code running.

Lastly, what are the costs/benefits of protecting your code? If you write your program in assembly instead of C#, you might have far higher production costs, while reducing the chance of reverse engineering. However, does this cost outweigh the potential lost sales? Could this time be better spent adding value for people who will buy the product? Generally, trying to sell your product to people who are never pay for software is not a economic strategy.

Since all encryption algorithms would eventually have to produce code which can be executed in memory, all they do for "protection" is give the crackers more face when they crack it. WHEN they crack it, note, not if.
–
JUST MY correct OPINIONJul 4 '10 at 15:58

It is possible, but only if you can secure the platform to prevent smart people from accessing the code and / or the keys used to decrypt it. TPM tries to do this, but it requires hardware support, OS support, chains of trust, etc. It is simply not an economic proposition for a shareware app.
–
Stephen CNov 25 '09 at 23:57

1

You can't prevent smart people from deciphering the instructions, at some level "smart people" will be able to see the instruction set, if they can see the instruction set they can change it. If they can change it, they can change how it works, such as bypassing the security.
–
Jason DNov 26 '09 at 5:04

Actually, they wouldn't bother decompiling it, since raw hex machine code is much more readable than a few languages I could name. Actually, if you coded that in a language like Intercal, it would be automatically obfuscated.
–
David ThornleyNov 25 '09 at 23:00

The difference with my locks is that, if somebody wants to break in, they have to pick my locks (probably not too difficult), and they have to be there. With something like this, it takes one person to figure out what you've done and publish it on the net. Imagine how locks would work if one person, working remotely, could jam every lock in the country so they wouldn't lock.
–
David ThornleyNov 25 '09 at 22:58

True, but that starts getting very philosophical - you could ask why anyone buys MP3s from iTunes when they can just get them for free (the lock has already been broken), etc. As the old saying goes, locks don't really keep thieves out, they keep honest people honest :)
–
ChiraelNov 25 '09 at 23:01

I suspect the only reason people by MP3s from iTunes is that they've been brainwashed into thinking the media distribution war hadn't been won by the open community. "Derrr I guess the music industry owns the Internet.."
–
PP.Nov 25 '09 at 23:12

I am going to make the assumption that because you're writing shareware and you mention a registration algorithm you are wanting to protect your software from a keygen or patch that bypasses the restrictions on your trial versions.

Really the most you can do is deter. Like others have mentioned there are obfuscation techniques available, but they are not preventative. There are commercial software packers available which compress the file and make it initially unreadable. But the program has to be decompressed at some point so the machine can run it, so it's still reversible.

And that is pretty much the crutch against any of the anti-reversing techniques you'll see. It has to be interpreted by the machine at some point. More modern packers use anti-debugging techniques to deter the more novice reversers. But these techniques end up being documented rather quickly on popular reversing sites. Many of the techniques are bypassed with nothing more than a simple debugger plugin.

The only way I can think of to protect your executable from being arbitrarily reversed is to run the whole thing on a server you control and just pipe the output to users. But that's not always feasible.

As far as your language options go, take a loot at this. I can't really speak to how complete it is but I'm sure some others can add languages they think of.

If you're lookig "for something that can be only decompiled into assembly", that essentially means that you want to use a language that gets compiled (or assembled) directly into a native code executable.

The usual prime suspects then are C, C++, Delphi, VB6. Of course, also assembly meets your criteria, although I doubt you'd want to write any project of decent size in it.

This is not so much a matter of choosing the right language as it is finding a tool that will do code obfuscation for you. Nothing is bulletproof, but there are efforts to accomplish this sort of thing.